In today's digital landscape, ensuring the highest levels of security and compliance is paramount for businesses, especially when dealing with sensitive data and services. At Cleeng, we have implemented a robust framework of security and compliance measures to protect your data and meet industry standards.
But that's not all; we understand that security is a shared responsibility. That's why, in addition to discussing our measures, we will also provide valuable recommendations for enhancing security on your side.
In order to provide the best-in-class service, at Cleeng we take utmost care to meet international standards for data privacy and security. Cleeng is compliant with the following regulations:
- CCPA - California Consumer Privacy Act. Read more about Cleeng and the CCPA.
- GDPR - General Data Protection Regulation for the European Union residents. Read more about Cleeng and the GDPR.
- PSD2 - Payment Services Directive 2. Read more about Cleeng and PSD2.
- PCI DSS - Payment Card Industry Data Security Standard. It is a set of rules that aim to ensure that companies safely handle cardholder data (i.e., credit card information).
  All merchants who process credit card information must be PCI compliant. For payment gateways where a broadcaster is its own merchant of record, the broadcaster is responsible for its own PCI compliance.
  Cleeng is PCI-compliant through Adyen and PayPal for Merchant clients.
  To find out more, please refer to Adyen’s PCI DSS compliance guide.
- SOC2 - Service Organization Control. Cleeng is SOC2 Type 2 certified. For more information, please see SOC 2 Type 2 Certification Confirms Cleeng’s Commitment to Data Security.
Security measures by Cleeng
Our comprehensive approach to security includes:
- Cleeng's Merchant solution automatically provides you with fraud protection mechanisms.
- Cleeng provides broadcasters with out-of-the-box payment integrations with trusted and recognized payment gateways – Adyen and PayPal.
- Through the above gateways, Cleeng offers a variety of secure global and local payment methods.
- Card payments (through Adyen) support 3D-Secure.
- Tax compliance: Cleeng Merchant applies local regulations to ensure tax compliance in different counties and states you operate in. More about taxes.
- Data Encryption: Your data is safeguarded through state-of-the-art encryption methods at rest and in transit.
- DDoS Protection with Cloudflare: Robust Distributed Denial of Service (DDoS) protection, ensuring uninterrupted access to your services even in the face of malicious traffic surges.
- Access Controls: We employ strict access controls to limit data access only to authorized personnel, reducing the risk of unauthorized breaches. Also, access to infrastructure is possible only via 2FA.
- Regular Audits: Our systems undergo regular security audits and assessments to identify and address vulnerabilities proactively.
- Incident Response Plan: In the event of any security incident, we have a well-defined incident response plan in place to mitigate risks and minimize potential impact.
- Employee Training: Our staff undergoes regular training to stay updated on the latest security best practices, fostering a security-conscious culture within our organization.
Security measures on the broadcaster’s side – integration security guide
Additionally, we recommend that broadcasters complete a number of actions to further strengthen the security of their OTT video platforms:
- Introduce a captcha on the website.
- Add clientIP to the Adyen payment API calls. This will ensure that Cleeng/Adyen fraud filters work because currently no other identifiable cardholder information is passed in those requests. With the accurate IP address passed in the request (as opposed to the generic AWS IPs) it would be easier for us to identify fraudulent purchases.
- Add logging for the site traffic in order to be able to track and determine the IP range of the potential attackers.